[Previous Months][Date Index][Thread Index][Join - Register][Login]
[Message Prev][Message Next][Thread Prev][Thread Next]

[IP] SPAM: ways to stop it.

For those of you who are having problems with SPAM, there's a couple
things you can do to stop it, or at least make it difficult for the
spammer to continue.....  I am the Network Solutions contact for our
domain (aar.com), and have to deal with similar spam occasionally.

I send this after reading someone who is on msn.com, and thought they
should forward the spam to msn.  It needs to go to the domain tha
originated the email, and NOT your own ISP (unless it also came from
the same ISP or domain).

If you don't care, disregard the rest of this email.  Otherwise, read 

You NEED to look at the header of the email.  There should be one or
more "Received:" lines in the header, with dates.  The first "Received:"
line (which is the last in order, from top to bottom), is the actual person
who sent the spam email.  You NEED to look at this address, since the
"From:" or "Replay to: lines usually contain false addresses, and the
"Received:" line has the actual addresses of the computer that originate
the email (assuming they aren't using even more serious stealth techniques).

For example, I have the following header from a spam email:

---------------- Header starts here ------------------
> From email @ redacted  Mon Dec 13 00:18:50 1999
> Return-Path: <email @ redacted>
> Received: from firewall.imedia.se ([])
> 	by babbage.aar.com (8.9.3/8.9.3) with ESMTP id AAA00919
> 	for <email @ redacted>; Mon, 13 Dec 1999 00:18:49 -0700
> From: email @ redacted
> Received: by firewall.imedia.se; id IAA27454; Mon, 13 Dec 1999 08:00:15 +0100 (CET)
> Date: Mon, 13 Dec 1999 08:00:15 +0100 (CET)
> Message-Id: <email @ redacted>
> Received: from 98ac7ec4.ipt.aol.com( by firewall.imedia.se via smap (4.1)
> 	id xmakqa003; Mon, 13 Dec 99 07:59:17 +0100
> To: email @ redacted
> Subject: 3 Days - 2 Nights - Tickets for Two - FREE!
NOTE: disregard the "> " - it is needed to include the header in this email!
---------------- Header ends here ------------------

The info in the bottom Received line, shows it came from AOL.COM, at 
IP address, on 13 Dec 99, at 07:59:17 +0100.  The
folks who handle spam from AOL need this info, and can track down
exactly which user did it, and REMOVE them from their system.

But, if the email has the warning at the end, allowing you to remove
your name from their list, then it is perfectly LEGAL, and cannot be
stopped by law (unless they persist after requesting you to be removed).  
If it fails to have the option of removing you from the email mailing 
list, then it is ILLEGAL - IF IT ORIGINATED in the US, or perhaps other 
countries that have such anti-SPAM laws.

Once you know it is an illegal spam email, and the domain it came from
(AOL.COM in this case), you can send the COMPLETE EMAIL (including header)
to the administrator of the domain. Recently, this is done by sending to
to abuse@[domain], (email @ redacted in this case).

If the domain doesn't support the "abuse" email address, you may need
to do more investigations to determine who at the domain deals with
problems.  If you're using a UNIX system, the "whois domain" might
provide the email address of the proper people, or trying to obtain
the technical contact for the domain through www.internic.net.

You can also try going through www.abuse.net, to complain, and
find out who is responsible for the domain where the spam came

NOTE:  "Domain" is usually the last two parts of the email address.
In the case of email @ redacted, the domain is aol.com (for

Hope that helps those of you who are getting spammed!


for HELP or to subscribe/unsubscribe, contact: HELP@insulin-pumpers.org
send a DONATION http://www.Insulin-Pumpers.org/donate.shtml